X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Forg%2Fonap%2Fclamp%2Fclds%2Futil%2FCryptoUtils.java;h=1ddf3a90a09fdae8538a592fbb660d9e766f6c24;hb=536db7b811eba341aef48a745b495da068d170eb;hp=9f408105e240bb0bf5b578fa64a5ebc7291a678b;hpb=f90f2a3008dc7b3a93aa3a94f0c089086381df88;p=clamp.git
diff --git a/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java b/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
index 9f408105..1ddf3a90 100644
--- a/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
+++ b/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
@@ -26,17 +26,14 @@ package org.onap.clamp.clds.util;
 import com.att.eelf.configuration.EELFLogger;
 import com.att.eelf.configuration.EELFManager;
 import com.google.common.base.Charsets;
-
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.security.GeneralSecurityException;
 import java.security.SecureRandom;
 import java.util.Properties;
-
 import javax.crypto.Cipher;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
-
 import org.apache.commons.codec.DecoderException;
 import org.apache.commons.codec.binary.Hex;
 import org.apache.commons.lang3.ArrayUtils;
@@ -65,6 +62,12 @@ public final class CryptoUtils {
 * Definition of encryption algorithm.
 */
 private static final String ALGORITHM = "AES";
+
+ /**
+ * AES Encryption Key environment variable for external configuration.
+ */
+ private static final String AES_ENCRYPTION_KEY = "AES_ENCRYPTION_KEY";
+
 /**
 * Detailed definition of encryption algorithm.
 */
@@ -93,13 +96,11 @@ public final class CryptoUtils {
 /**
 * Encrypt a value based on the Clamp Encryption Key.
 *
- * @param value
- * The value to encrypt
+ * @param value The value to encrypt
 * @return The encrypted string
- * @throws GeneralSecurityException
- * In case of issue with the encryption
- * @throws UnsupportedEncodingException
- * In case of issue with the charset conversion
+ * @throws GeneralSecurityException In case of issue with the encryption
+ * @throws UnsupportedEncodingException In case of issue with the charset
+ * conversion
 */
 public static String encrypt(String value) throws GeneralSecurityException {
 Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS, "SunJCE");
@@ -113,14 +114,11 @@ public final class CryptoUtils {
 /**
 * Decrypt a value based on the Clamp Encryption Key.
 *
- * @param message
- * The encrypted string that must be decrypted using the Clamp
- * Encryption Key
+ * @param message The encrypted string that must be decrypted using the Clamp
+ * Encryption Key
 * @return The String decrypted
- * @throws GeneralSecurityException
- * In case of issue with the encryption
- * @throws DecoderException
- * In case of issue to decode the HexString
+ * @throws GeneralSecurityException In case of issue with the encryption
+ * @throws DecoderException In case of issue to decode the HexString
 */
 public static String decrypt(String message) throws GeneralSecurityException, DecoderException {
 byte[] encryptedMessage = Hex.decodeHex(message.toCharArray());
@@ -135,11 +133,9 @@ public final class CryptoUtils {
 /**
 * Method used to generate the SecretKeySpec from a Base64 String.
 *
- * @param keyString
- * The key as a string in Base 64
+ * @param keyString The key as a string in Base 64
 * @return The SecretKeySpec created
- * @throws DecoderException
- * In case of issues with the decoding of Base64
+ * @throws DecoderException In case of issues with the decoding of Base64
 */
 private static SecretKeySpec getSecretKeySpec(String keyString) throws DecoderException {
 byte[] key = Hex.decodeHex(keyString.toCharArray());
@@ -147,17 +143,23 @@ public final class CryptoUtils {
 }
 
 /**
- * Reads SecretKeySpec from file specified by propertiesFileName
+ * Reads SecretKeySpec from file specified by propertiesFileName.
 *
- * @param propertiesFileName
- * File name with properties
+ * @param propertiesFileName File name with properties
 * @return SecretKeySpec secret key spec read from propertiesFileName
 */
 private static SecretKeySpec readSecretKeySpec(String propertiesFileName) {
 Properties props = new Properties();
 try {
- props.load(ResourceFileUtil.getResourceAsStream(propertiesFileName));
- return getSecretKeySpec(props.getProperty(KEY_PARAM));
+ // Workaround fix to make encryption key configurable
+ // System environment variable takes precedence for over clds/key.properties
+ String encryptionKey = System.getenv(AES_ENCRYPTION_KEY);
+ if (encryptionKey != null && encryptionKey.trim().length() > 0) {
+ return getSecretKeySpec(encryptionKey);
+ } else {
+ props.load(ResourceFileUtils.getResourceAsStream(propertiesFileName));
+ return getSecretKeySpec(props.getProperty(KEY_PARAM));
+ }
 } catch (IOException | DecoderException e) {
 logger.error("Exception occurred during the key reading", e);
 return null;
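Review bot: In `readSecretKeySpec`, the emptiness test trims `encryptionKey` but the untrimmed value is passed on, so an `AES_ENCRYPTION_KEY` with a trailing newline or space fails in `Hex.decodeHex`, is logged, and the method returns `null` without falling back to the properties file; use `return getSecretKeySpec(encryptionKey.trim());`. The decoded key length is not checked anywhere in the visible lines, so a wrong-sized value would presumably only surface later when the cipher is initialised; rejecting anything other than 16, 24 or 32 bytes at this point would fail closer to the cause. The value is hex-decoded (see `getSecretKeySpec` in the preceding hunk, whose Javadoc still says Base 64), so the new comment should state the expected format, e.g. `// AES_ENCRYPTION_KEY must hold the hex-encoded AES key; it takes precedence over clds/key.properties`. Logging which source supplied the key (never the key itself) would make an unintended fallback to the properties-file key, which appears to be loaded as a packaged resource, visible to operators. The method's closing braces lie outside the hunk.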